diff options
author | Christian Grothoff <christian@grothoff.org> | 2018-09-17 12:06:00 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2018-09-17 12:06:00 +0200 |
commit | 514b29688f1dd48f93392931c58d21cbea8be5c2 (patch) | |
tree | 0f23a823d16b99a99e9fa3de3ccd25851878eaf2 | |
parent | 7ce84e123a63e4d2b523e2bc15515d3d6cf988d6 (diff) | |
download | papers-514b29688f1dd48f93392931c58d21cbea8be5c2.tar.gz papers-514b29688f1dd48f93392931c58d21cbea8be5c2.tar.bz2 papers-514b29688f1dd48f93392931c58d21cbea8be5c2.zip |
formatting
-rw-r--r-- | taler-fc19/paper.tex | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/taler-fc19/paper.tex b/taler-fc19/paper.tex index abfcecf..baa7b14 100644 --- a/taler-fc19/paper.tex +++ b/taler-fc19/paper.tex @@ -782,7 +782,7 @@ We require the following two security properties for $\textsc{BlindSign}$: set of all possible blinded messages. Then the distribution of
\[ \left\{ (m, \sigma, \overline{m}, \overline{\sigma}) \,\middle|
\begin{array}{c}
- m\, \randsel M,
+ m\, \randsel M, \\
\overline{m} \leftarrow \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), m), \\
\overline{\sigma} \leftarrow \algo{Sign}_{BS}(\V{sk}, \overline{m}), \\
\sigma \leftarrow \algo{UnblindSig}_{BS}(r, m, \overline{\sigma})
@@ -790,11 +790,13 @@ We require the following two security properties for $\textsc{BlindSign}$: \right\} \]
must be computationally
indistinguishable from
- \[ \left\{ (m, \sigma, x, \sigma_x) \,\middle|\,
- m \randsel M,
- \sigma \leftarrow \algo{UnblindSig}_{BS}(r, m, \algo{Sign}_{BS}(\V{sk}, \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), m)) )
- x \randsel \overline{M},
+ \[ \left\{ (m, \sigma, x, \sigma_x) \,\middle|\,
+ \begin{array}{c}
+ m \randsel M, \\
+ \sigma \leftarrow \algo{UnblindSig}_{BS}(r, m, \algo{Sign}_{BS}(\V{sk}, \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), m)) ) \\
+ x \randsel \overline{M}, \\
\sigma_x \leftarrow \algo{UnblindSig}_{BS}(r, x, \algo{Sign}_{BS}(\V{sk}, \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), x)) )
+ \end{array}
\right\}. \]
\item \emph{unforgeability}: An adversary that requests $k$ signatures with $\algo{Sign}_{BS}$
is unable to produce $k+1$ valid signatures with non-negligible probability.
|